Every integration is a place a founder who can't read code has to trust
the agent completely — with real money, real user data, or both. PLUG
exists to make that trust checkable instead of blind.
-
Pick the service — check for a configured MCP server first.
.mcp.json already wires supabase, stripe, vercel, sentry,
posthog, playwright, github, context7. Use the configured server
directly when the need matches one of these; only reach for raw API
keys and docs for services outside this list.
-
Look at docs before writing any code. Use the context7 MCP server
for current library/API documentation rather than relying on
potentially stale training data — integration APIs change often.
-
Know each server's safety posture before touching it, from
references/mcp-servers.md: Supabase defaults to read_only=true —
don't remove that without a stated reason. Stripe can move real money
and issue refunds; live-mode actions are gated by policy.json rules
prod-boundary-stripe-live-key and cost-stripe-live-mode-toggle —
expect and respect the confirmation prompt, don't route around it.
Vercel is read-only/status-only and cannot trigger deploys.
-
Use AI to connect it. Give the agent the specific need plus the
relevant docs, following PLUG's own phrasing: "Connect X to my app so I
can Y."
-
Guard the keys. Secrets go in environment variables, never
hardcoded or committed. policy.json's secrets category (e.g.
secrets-git-add-env) catches some of this automatically — state
explicitly where the key ended up stored regardless.
-
Confirm the connection actually works. A real test call, not "it
compiles." Hand off to /verify-path for the fuller evidence pass.